fresh-wire-95028
10/21/2021, 4:03 PMaws:iam:SamlProvider (default):
error: Preview failed: unable to delete resource "urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default"
as it is currently marked for protection. To unprotect the resource, either remove the `protect` flag from the resource in your Pulumiprogram and run `pulumi up` or use the command:
`pulumi state unprotect urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default`
prehistoric-activity-61023
10/21/2021, 4:11 PMpulumi stack export
• remove manually the resources from the exported JSON
• import it back
• remove reference from the source code
• run pulumi up
so it syncsfresh-wire-95028
10/21/2021, 4:12 PMnew aws.ec2clientvpn.Endpoint(endpointName, {
..
authenticationOptions: [
{
type: 'federated-authentication',
samlProviderArn: 'ARN GOES HERE',
},
],
});
prehistoric-activity-61023
10/21/2021, 4:13 PMfresh-wire-95028
10/21/2021, 4:17 PMpulumi stack export
. I thought it generates this stuff on demand based on my code. But practically I've seen it tends to differ in some scenarios. Like I always run into this pending operations
problem, where I have to manually go in and delete that part of the JSON. But I don't really follow why.prehistoric-activity-61023
10/21/2021, 4:18 PMpulumi stack export
dumps the current state of your stackpulumi stack export
is how the current state according to pulumi looks likepulumi up
command, you might be asked to manually adjust the state file (by doing export -> fix -> import)fresh-wire-95028
10/21/2021, 4:20 PMaws:iam:SamlProvider (default):
error: Preview failed: unable to delete resource "urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default"
as it is currently marked for protection. To unprotect the resource, either remove the `protect` flag from the resource in your Pulumiprogram and run `pulumi up` or use the command:
`pulumi state unprotect urn:pulumi:toli::xxx::aws:iam/samlProvider:SamlProvider::default`
I don't see a reference to it in my code.
At some point I tried doing a pulumi import aws:iam/samlProvider:SamlProvider ...
and it gave me the code necessary (which included a long XML file). I didn't want to deal with storing that XML file...so I decided to keep it custom.
Could that import
have somehow put that resource into my state, without putting it in the code?prehistoric-activity-61023
10/21/2021, 4:21 PMfresh-wire-95028
10/21/2021, 4:21 PMprehistoric-activity-61023
10/21/2021, 4:22 PMfresh-wire-95028
10/21/2021, 4:22 PMprehistoric-activity-61023
10/21/2021, 4:23 PMnew aws.ec2clientvpn.Endpoint
to your code it does… nothing. You just declared that you want it.
3. When you run pulumi up
it compares the current state (nothing) with your desired state (one aws.ec2clientvpn.Endpoint
resource). In result, it generates action to CREATE it.aws.ec2clientvpn.Endpoint
with appropriate urn
is added to the statepulumi up
it doesn’t do anythingDELETE
action as a resultCREATE
action (and it already exists)get
(https://www.pulumi.com/registry/packages/aws/api-docs/iam/samlprovider/; part Look up an Existing SamlProvider Resource
)fresh-wire-95028
10/21/2021, 4:32 PMtoli
stack, without it touching the provider or complaining 🙂
Thanks a bunch!prehistoric-activity-61023
10/21/2021, 4:34 PM